Bump gunicorn from 24.1.1 to 25.0.1 (#12019)

dependabot[bot] · web-flow · commit d187ece51b4e · 2026-02-03T10:56:47.000Z
Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 24.1.1 to 25.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benoitc/gunicorn/releases">gunicorn's releases</a>.</em></p> <blockquote> <h2>25.0.1</h2> <h2>Bug Fixes</h2> <ul> <li>Fix ASGI streaming responses (SSE) hanging: add chunked transfer encoding for HTTP/1.1 responses without Content-Length header. Without chunked encoding, clients wait for connection close to determine end-of-response.</li> </ul> <h2>Changes</h2> <ul> <li>Update celery_alternative example to use FastAPI with native ASGI worker and uvloop for async task execution</li> </ul> <h2>Testing</h2> <ul> <li>Add ASGI compliance test suite with Docker-based integration tests covering HTTP, WebSocket, streaming, lifespan, framework integration (Starlette, FastAPI), HTTP/2, and concurrency scenarios</li> </ul> <h2>Gunicorn 25.0.0</h2> <h2>New Features</h2> <ul> <li> <p><strong>Dirty Arbiters</strong>: Separate process pool for executing long-running, blocking operations (AI model loading, heavy computation) without blocking HTTP workers ([PR <a href="https://redirect.github.com/benoitc/gunicorn/issues/3460">#3460</a>](<a href="https://redirect.github.com/benoitc/gunicorn/pull/3460">benoitc/gunicorn#3460</a>))</p> <ul> <li>Inspired by Erlang's dirty schedulers</li> <li>Asyncio-based with Unix socket IPC</li> <li>Stateful workers that persist loaded resources</li> <li>New settings: <code>--dirty-app</code>, <code>--dirty-workers</code>, <code>--dirty-timeout</code>, <code>--dirty-threads</code>, <code>--dirty-graceful-timeout</code></li> <li>Lifecycle hooks: <code>on_dirty_starting</code>, <code>dirty_post_fork</code>, <code>dirty_worker_init</code>, <code>dirty_worker_exit</code></li> </ul> </li> <li> <p><strong>Per-App Worker Allocation for Dirty Arbiters</strong>: Control how many dirty workers load each app for memory optimization with heavy models ([PR <a href="https://redirect.github.com/benoitc/gunicorn/issues/3473">#3473</a>](<a href="https://redirect.github.com/benoitc/gunicorn/pull/3473">benoitc/gunicorn#3473</a>))</p> <ul> <li>Set <code>workers</code> class attribute on DirtyApp (e.g., <code>workers = 2</code>)</li> <li>Or use config format <code>module:class:N</code> (e.g., <code>myapp:HeavyModel:2</code>)</li> <li>Requests automatically routed to workers with the target app</li> <li>New exception <code>DirtyNoWorkersAvailableError</code> for graceful error handling</li> <li>Example: 8 workers × 10GB model = 80GB → with <code>workers=2</code>: 20GB (75% savings)</li> </ul> </li> <li> <p><strong>HTTP/2 Support (Beta)</strong>: Native HTTP/2 (RFC 7540) support for improved performance with modern clients ([PR <a href="https://redirect.github.com/benoitc/gunicorn/issues/3468">#3468</a>](<a href="https://redirect.github.com/benoitc/gunicorn/pull/3468">benoitc/gunicorn#3468</a>))</p> <ul> <li>Multiplexed streams over a single connection</li> <li>Header compression (HPACK)</li> <li>Flow control and stream prioritization</li> <li>Works with gthread, gevent, and ASGI workers</li> <li>New settings: <code>--http-protocols</code>, <code>--http2-max-concurrent-streams</code>, <code>--http2-initial-window-size</code>, <code>--http2-max-frame-size</code>, <code>--http2-max-header-list-size</code></li> <li>Requires SSL/TLS and h2 library: <code>pip install gunicorn[http2]</code></li> </ul> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benoitc/gunicorn/commit/3bf529f6c2bac9e2210613ed1feac57853fb8534"><code>3bf529f</code></a> docs: sync news.md with 2026-news.md</li> <li><a href="https://github.com/benoitc/gunicorn/commit/1f4f245d76f4a28c5b72384a3bb7ac76146c42e6"><code>1f4f245</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3478">#3478</a> from benoitc/feature/asgi-compliance-testbed</li> <li><a href="https://github.com/benoitc/gunicorn/commit/e1519c05693be4685380ee415f97d808b7826821"><code>e1519c0</code></a> docs: add ASGI compliance test suite to changelog</li> <li><a href="https://github.com/benoitc/gunicorn/commit/0885005b08a2262c57b0e7b465c9e7d591a62f4d"><code>0885005</code></a> fix(tests): correct assertions in ASGI compliance tests</li> <li><a href="https://github.com/benoitc/gunicorn/commit/658924c4364a4b2e1a418de6695daaa1ef1d4cbe"><code>658924c</code></a> docs: update changelog for 25.0.1</li> <li><a href="https://github.com/benoitc/gunicorn/commit/c5b6e82277d91889b940121d05987d878d9a97c3"><code>c5b6e82</code></a> chore: bump version to 25.0.1</li> <li><a href="https://github.com/benoitc/gunicorn/commit/ce352dc230fb03009a53cedd32d570edf7ca1fec"><code>ce352dc</code></a> fix(asgi): add chunked transfer encoding for streaming responses</li> <li><a href="https://github.com/benoitc/gunicorn/commit/29b8a3a763766f7ea4bd42878e259ab5e6603613"><code>29b8a3a</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3476">#3476</a> from benoitc/dependabot/github_actions/actions/check...</li> <li><a href="https://github.com/benoitc/gunicorn/commit/791ab46e1c0940fd3c8193263fdee83a499f1553"><code>791ab46</code></a> chore(deps): bump actions/checkout from 4 to 6</li> <li><a href="https://github.com/benoitc/gunicorn/commit/9235b72ab8bd4b485a9e2b852704f35be0de5032"><code>9235b72</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3475">#3475</a> from benoitc/dependabot/github_actions/actions/uploa...</li> <li>Additional commits viewable in <a href="https://github.com/benoitc/gunicorn/compare/24.1.1...25.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gunicorn&package-manager=pip&previous-version=24.1.1&new-version=25.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt
@@ -24,7 +24,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base-ft.in
 idna==3.10
     # via yarl
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -24,7 +24,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base.in
 idna==3.10
     # via yarl
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
@@ -83,7 +83,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base.in
 identify==2.6.16
     # via pre-commit
diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -81,7 +81,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base.in
 identify==2.6.16
     # via pre-commit
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
@@ -47,7 +47,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base-ft.in
 idna==3.10
     # via
diff --git a/requirements/test.txt b/requirements/test.txt
@@ -47,7 +47,7 @@ frozenlist==1.8.0
     # via
     #   -r requirements/runtime-deps.in
     #   aiosignal
-gunicorn==24.1.1
+gunicorn==25.0.1
     # via -r requirements/base.in
 idna==3.10
     # via
